Krebs on Security

DECEMBER 13, 2022

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO tha

Energy and Utilities 363

Energy and Utilities Sales Communications Data breaches 363

Data Breach Today

DECEMBER 13, 2022

Victims Still Learning Their Personal Data Was Illegally Accessed, Copied in 2021 A ransomware attack on the Irish healthcare system in 2021 has cost the government 80 million euros in damages and counting. The Irish Health Service continues to notify victims of the incident that their personal information was illegally accessed and copied.

Ransomware 353

Ransomware Personal data Government Access 353

The Last Watchdog

MAY 24, 2022

Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye. Related: Microsoft advocates regulation of facial recognition tools. Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps. This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their inte

Authentication 342

Authentication Passwords Digital transformation Cloud 342

ITPro.TV

AUGUST 5, 2022

Do you want to get started in a career in cybersecurity but aren’t sure what your first steps should be? There is a huge demand for people like you to build great careers in this growing sector. According to CyberSeek, there are more than 700,000 jobs needed in the cybersecurity field. Starting any career can … Continue reading Three things you need to know to get started in cybersecurity → The post Three things you need to know to get started in cybersecurity appeared first o

Cybersecurity 52

Cybersecurity IT Security 52

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Outpost24

MARCH 14, 2022

Weak password report reveals password reuse problem. 14.Mar.2022. Florian Barre. Mon, 03/14/2022 - 10:54. Specops, and Outpost24 company. Password security. Teaser. Bruteforce and stolen credentials are prime reasons for a data breach. New data recently released shows that setting strong passwords might not be enough in an increasingly volatile cybersecurity landscape.

Passwords 98

Passwords Data breaches Cybersecurity Security 98

ForAllSecure

FEBRUARY 9, 2022

When it comes to vulnerability scanning, there are different types of scans that can be performed, and each has its benefits and drawbacks. Vulnerability scanning is an important part of security as it can help organizations identify and fix vulnerabilities before they can be exploited by attackers. Vulnerability scanning can also help organizations comply with regulatory requirements for security.

Authentication 40

Authentication Security Passwords Access 40

ARMA International

APRIL 18, 2022

It is essential that your organization’s records retention schedule is compliant with the data protection requirements in the jurisdictions where your organization operates. This task may seem overwhelming since jurisdictions around the world are enacting new laws, regulations, and requirements; and organizations are continuing to expand their jurisdictional footprint.

Personal data 100

Personal data GDPR Privacy Records Management 100

eDiscovery Law

OCTOBER 21, 2022

Information governance and records management are important considerations for all organizations. New data and documents are generated at ever-increasing rates through the normal (and “new normal”) course of business, and these data and documents must be maintained for different periods of time to satisfy their business and legal compliance purposes.

Records Management 40

Records Management Information governance Government Data Privacy 40

Docuware

FEBRUARY 25, 2022

So, you’re ready to digitize your business records to maintain compliance with government and industry regulations. Should you be looking for a document management system or software that is exclusively for records management? Actually, document management enables you to digitize and archive both documents and records. Let’s explore the differences between the two to clarify the situation.

Records Management 34

Records Management Archiving Compliance Government 34

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Data Breach Today

MAY 28, 2022

Agency Spotted Compromised Credentials On Various Dark Web Forums The FBI is warning the U.S. higher education sector about compromised sensitive credentials and network access information advertised for sale across various public and Dark Web forums. The agency states that this access to credentials could potentially lead to a cyberattack.

Education 363

Education Sales Access 363

Krebs on Security

APRIL 29, 2022

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.

Search queries 363

Search queries Retail Government Marketing 363

Data Breach Today

JULY 15, 2022

Small and Mid-Size Businesses Targeted Globally But So Far Extortion Attempts Have Failed Microsoft security researches say they're tracking a hacking group originating from North Korea that may be a side project of an established threat actor. So far the group, which likes the moniker "H0lyGh0st," appears not to have collected any ransom.

Ransomware 361

Ransomware Security 361

Data Breach Today

JULY 14, 2022

Attackers Targeted More Than 10,000 Organizations Since Last September Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server. Attackers stole online session cookies, allowing them to defeat MFA and access inboxes. From there, they emailed corporate vendors to obtain financial data.

Phishing 361

Phishing Access 361

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me , an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device.

Access 364

Access Insurance Authentication Government 364

Data Breach Today

APRIL 30, 2022

Killnet Claims Responsibility for Targeting Romanian Authorities The Computer Emergency Response Team of Ukraine, along with the National Bank of Ukraine, are warning of massive DDoS attacks against pro-Ukrainian targets. The intelligence service in Romania, SRI, also warns of a similar type of attack targeting sites belonging to its national authorities.

IT 361

IT 361

Data Breach Today

OCTOBER 15, 2022

96% of Voting Tokens favor Deal; Mango Markets Will Not Pursue Criminal Charges Decentralized finance exchange Mango Markets is set to pay $47 million as bug bounty to the hacker who stole $117 million in digital assets on Wednesday. Mango Markets is a trading platform riding on the Solana blockchain.

Marketing 358

Marketing Blockchain 358

Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Mining 362

Mining Privacy IT Security 362

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Krebs on Security

MAY 17, 2022

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online.

Government 359

Government Military Access Security 359

Data Breach Today

MAY 13, 2022

Areas of Proposed Investments Include SBOMs, Software Supply Chains The Linux Foundation and the Open Source Security Foundation have put forth a nearly $150 million investment plan, spread across two years, to strengthen open-source security in the U.S. The plan was announced at the Open Source Software Security Summit II in Washington, D.C., on Thursday.

Security 358

Security 358

Krebs on Security

FEBRUARY 22, 2022

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say they will not pursue charges following revelations that the data had been exposed since 2011 — two years after responsibility for securing the state’s IT systems was centralized within Parson’s own Office of Administration.

Education 360

Education Access Security Communications 360

Data Breach Today

AUGUST 10, 2022

Monthly Dump Includes Patches for 141 Flaws, Including 17 'Critical' Fixes More than two years after being notified of it, Microsoft issued a fix for a Microsoft Windows Support Diagnostic Tool vulnerability known as DogWalk. The fix is part of the operating system giant's newest Patch Tuesday dump, which includes patches for 141 flaws.

IT 356

IT 356

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Krebs on Security

JUNE 20, 2022

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company.

Paper 355

Paper Sales IT 355

Krebs on Security

JANUARY 6, 2022

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it.

Mining 357

Mining Computer and Electronics Blockchain Marketing 357

Krebs on Security

AUGUST 18, 2022

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote cont

Phishing 351

Phishing IT Access 351

Data Breach Today

MARCH 15, 2022

Researcher in Belarus Says Bug Bounty Through HackerOne Is Sole Income Sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers signed up with bug bounty platforms, which can no longer legally make payments. A researcher in Belarus says he's locked out from accessing $25,179 in his HackerOne account.

Access 353

Access Security 353

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Data Breach Today

MARCH 15, 2022

Despite Russian Aggression, Distributed Denial-of-Service Attacks Remain Illegal With Ukraine having called on the world to join its "IT Army" and help it hack Russia and ally Belarus, what could possibly go wrong? For starters, launching distributed denial-of-service attacks - at least from outside Ukraine - remains illegal and risks triggering an escalation by Moscow.

IT 353

IT Risk 353

Data Breach Today

APRIL 23, 2022

Company Says No Sensitive Customer or Government Information Leaked The US telecom carrier T-Mobile has confirmed that the Lapsus$ ransomware group has breached its internal network by compromising employee accounts. The company says hackers did not steal any sensitive customer or government information during the incident.

Ransomware 352

Ransomware Government IT 352

Data Breach Today

APRIL 28, 2022

As one of the architects of Israel's offensive Red Team intelligence unit and Incident Response Team, Reuven (Rubi) Aronashvili, CEO of Israeli cybersecurity company CYE, provides a highly informed view of current cyberwarfare in the Russia-Ukraine war, including how it differs from kinetic warfare.

Cybersecurity 350

Cybersecurity IT 350